Automating AutoIt detection

Benson Sy Trend Micro

Cybercriminals are known to adapt to technological advancements and to use commercially or publicly available tools to further improve their means of stealing data and money from unsuspecting users. They make use of these tools because of their ease of use, low cost and, more importantly, the low probability of getting detected.

When AutoIt v3 was first released in 2004, it was intended to help system administrators automate repetitive system tasks on Windows. However, our researchers recently found said freeware being used in compiling samples of persistent notable malware families like AUTORUN worms. This research paper discusses AutoIt malware code structures, which explain why cybercriminals prefer to create and compile threats the same way. It also discusses a way to heuristically detect obfuscated AutoIt malware. This would aid security researchers and developers in creating more powerful or low-risk heuristic detections.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.